A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.
References
| Link | Resource |
|---|---|
| http://seclists.org/fulldisclosure/2024/Mar/21 | Mailing List |
| http://seclists.org/fulldisclosure/2024/Mar/22 | Mailing List |
| http://seclists.org/fulldisclosure/2024/Mar/23 | Mailing List |
| https://support.apple.com/en-us/HT214083 | Vendor Advisory |
| https://support.apple.com/en-us/HT214084 | Vendor Advisory |
| https://support.apple.com/en-us/HT214085 | Vendor Advisory |
| http://seclists.org/fulldisclosure/2024/Mar/21 | Mailing List |
| http://seclists.org/fulldisclosure/2024/Mar/22 | Mailing List |
| http://seclists.org/fulldisclosure/2024/Mar/23 | Mailing List |
| https://support.apple.com/en-us/HT214083 | Vendor Advisory |
| https://support.apple.com/en-us/HT214084 | Vendor Advisory |
| https://support.apple.com/en-us/HT214085 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Dec 2024, 16:41
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
| First Time |
Apple macos
Apple |
|
| References | () http://seclists.org/fulldisclosure/2024/Mar/21 - Mailing List | |
| References | () http://seclists.org/fulldisclosure/2024/Mar/22 - Mailing List | |
| References | () http://seclists.org/fulldisclosure/2024/Mar/23 - Mailing List | |
| References | () https://support.apple.com/en-us/HT214083 - Vendor Advisory | |
| References | () https://support.apple.com/en-us/HT214084 - Vendor Advisory | |
| References | () https://support.apple.com/en-us/HT214085 - Vendor Advisory |
Information
Published : 2024-03-08 02:15
Updated : 2024-12-05 16:41
NVD link : CVE-2024-23216
Mitre link : CVE-2024-23216
CVE.ORG link : CVE-2024-23216
JSON object : View
Products Affected
apple
- macos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')